Protecting Your Data When Working Remotely
Is your law firm prepared for remote working?
Bars, restaurants, clubs, gyms and social spaces have been asked to close by the government with all employees advised to work from home wherever possible.
With over 7,400 law firms in the UK holding client money and all legal professionals and their workplaces storing extremely sensitive personal data, it is imperative firms have their systems set up and cyber security cultures embedded.
Cyber criminals jump at any chance to exploit our weaknesses and anxieties surrounding Covid-19 is no exception. Already, police forces in the UK have reported cyber criminals actively sending out phishing emails claiming to be sent from the World Health Organisation (WHO) or Centres for Disease Control and Prevention (CDC). The attached links contain malware if opened.
When law firms are increasingly faced with working remotely, it is imperative that all people from partners to administrative support are aware of the dangers, ensuring their firm and client data is protected.
Here are some absolute musts law firms must follow in order to stand the best chance of staving off unscrupulous cyber criminality:
- Ensure your systems are secure – All businesses should have a clear cyber security certifications such as the government backed Cyber Essentials or Cyber Essentials Plus. These certifications will ensure your firm has the baseline defences to secure your systems and protect your data
- Make sure all remote devices are secure – All employees should use devices set up to use a VPN (Virtual Private Network) which will ensure that all devices are connected to the law firm’s server and cyber protections
- Use online communication systems – Don’t assume working remotely means a communication suspension. For our own sanity, communicating using virtual conference and communication systems, like Skype or Microsoft Teams, can be an invaluable tool in retaining communication with clients and colleagues whilst maintaining some semblance of human contact and normality
- Adhere to cyber security policies and ensure robust cultures and protocols are followed:
- This will mean employees should be cautious to avoid malicious content and phishing attempts. Do not click on links from suspicious or unknown senders. Be extra vigilant when dealing with emails. Make sure you are aware of phishing warning signs. Emails with spelling errors, obvious punctuation mistakes and grammatical or syntactical inaccuracies should be treated as suspicious and forwarded to your IT or security team. Any email sent from unexpected senders, like HM Revenue and Customs, should be forwarded to your IT team to assess the validity of the source
- All systems should be secure with robust and individualised passwords. Don’t make it easy for criminals by using any obvious passwords which could be easily guessed. Use a combination of letters, cases, numbers and special characters. Possible use a password generator to ensure all passwords are unique. Use password management software to store all difficult and unique passwords; this way, your personal password is the only one you need to remember
- Avoid forwarding emails and messages to personal accounts more susceptible to cyber attacks
- Avoid using public wi-fi when working remotely
- All personal devices should have basic cyber protections like anit-virus software
Most of all, be safe. These are strange times we are living in; protect yourselves by following governmental advice and make sure you are doing everything to maintain your mental health.